Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Semantic web and privacy | Main | Lessons Learned: Don't Blindly Trust Your Business Partners; the FTC Still Holds You Accountable »

Privacy Gurus and Tech Giants Speak to Congress on 6/20 About the Need for a Unified Data Protection Law

There was an interesting short piece published on CNET News today, "Tech titans lobby for national consumer privacy laws."  Basically the tech giants are pushing for a single unified privacy law to apply to all businesses.  Gee, makes sense, doesn't it?  Too bad congress has been creating hodge-podge data protection (privacy) legislation for the past couple of decades.  Well, it's better than not having anything. 

The meeting took place today with a group from the U.S. House of Representatives, the Subcommittee on Consumer Protection.

Well...the news item whetted my curiosity whistle...but I like to go to the source for the full details.  The meeting is currently available via a webcast but (RATS!) not yet the full transcript.  Arrggghhh...it is too late in the evening for me to listen to all of this...something to add to my to-do list for tomorrow.

The Witness List & Prepared Testimony came from Meg Whitman, President and CEO, eBay Inc, Dr. Thomas M. Lenard Ph.D., Senior Vice President for Research, The Progress & Freedom Foundation, Peter Swire ,  Professor, C. William O'Neill Professor of Law Moritz College of Law, The Ohio State University, Scott Taylor, Chief Privacy Officer, Hewlett-Packard Company, Evan Hendricks, Editor/Publisher, Privacy Times.

Their prepared statement, quite short, is also endorsed by Google, Microsoft and several other tech leaders, and pushes for a:

"comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework. The legislation should provide protection for consumers from inappropriate collection and misuse of their personal information and also enable legitimate businesses to use information to promote economic and social value. In principle, such legislation would address businesses collecting personal information from consumers in a transparent manner with appropriate notice; providing consumers with meaningful choice regarding the use and disclosure of that information; allowing consumers reasonable access to personal information they have provided; and protecting such information from misuse or unauthorized access. Because a national standard would preempt state laws, a robust framework is warranted."

Such a law truly would start to coincide with all the non-U.S. data protection laws currently in effect.  Harmonization is a great idea, and I urge companies to use that concept with their compliance efforts.  There are many commonalities and overlaps among existing laws, both U.S. and non-U.S.  It would be interesting to see how such a comprehensive law would impact the existing U.S. laws...or vice versa.

One of the subcommittee members, Cliff Stearns (or Joe Barton; it's hard to tell the way the document is labelled) appears to support such legislation.

This will be something to keep an eye on...hopefully this is not just activity coming at a time to placate the public's concerns with the glut of privacy/security incidents occurring in the past couple of years.  Both businesses and the public need a strong data protection law to help provide security and privacy, as well as provide a legal framework around which organizations can build strong privacy/security programs.  Will congress be brave enough to pass such a strong law with teeth and no loopholes?  Time will tell.  At least one eye will keep on this issue...

Technorati Tags







 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 20, 2006 11:04 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/108

Listed below are links to weblogs that reference Privacy Gurus and Tech Giants Speak to Congress on 6/20 About the Need for a Unified Data Protection Law:

» Fire Safe from Fire Safe
Fire Safe [Read More]

Tracked on July 18, 2006 3:16 AM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.